bpo-40412: Nullify inittab_copy during finalization (GH-19746)

Otherwise we leave a dangling pointer to free'd memory. If we
then initialize a new interpreter in the same process and call
PyImport_ExtendInittab, we will (likely) crash when calling
PyMem_RawRealloc(inittab_copy, ...) since the pointer address
is bogus.

Automerge-Triggered-By: @brettcannon
(cherry picked from commit 64224a4727)

Co-authored-by: Gregory Szorc <gregory.szorc@gmail.com>
This commit is contained in:
Miss Islington (bot) 2020-05-01 16:06:23 -07:00 committed by GitHub
parent e05828055e
commit 1205afb3e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions

View File

@ -0,0 +1 @@
Nullify inittab_copy during finalization, preventing future interpreter initializations in an embedded situation from crashing. Patch by Gregory Szorc.

View File

@ -300,6 +300,7 @@ _PyImport_Fini2(void)
/* Free memory allocated by PyImport_ExtendInittab() */ /* Free memory allocated by PyImport_ExtendInittab() */
PyMem_RawFree(inittab_copy); PyMem_RawFree(inittab_copy);
inittab_copy = NULL;
PyMem_SetAllocator(PYMEM_DOMAIN_RAW, &old_alloc); PyMem_SetAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
} }